A secretive Chinese military unit is believed to be behind a series of hacking attacks, a U.S. computer security company said, prompting a strong denial by China and accusations that it was in fact the victim of U.S. hacking.

The company, Mandiant, identified the People's Liberation Army's Shanghai-based Unit 61398 as the most likely driving force behind the hacking. Mandiant said it believed the unit had carried out "sustained" attacks on a wide range of industries.

"The nature of 'Unit 61398's' work is considered by China to be a state secret; however, we believe it engages in harmful 'Computer Network Operations'," Mandiant said in a report released in the United States on Monday.

The Chinese army appears to be conducting cyberhacking and espionage against large U.S. corporations, according to an extensive report from computer security firm Mandiant.

The report even identifies the unit and the building behind the cyberwar.

Beijing has long been suspected of espionage costing global corporations billions of dollars — such as when a hacking incident at Lockheed Martin was followed by the appearance of suspiciously familiar Chinese jets — though it was hard to find evidence.

Indeed, it makes sense that China, in its breakneck push to become a world power, would use all available technology to catch the west.

Following Mandiant's 75-page report, however, the cyberwar is all but official.
We have distilled the alarming report and posted it below.

According to Mandiant, what China's hacking program coordinators do is seek students with outstanding English skills who are handpicked for "Advanced Persistent Threat" training (APT). The APT teams are broken down into groups and divided among locations in and around Shanghai, universities, commercial corridors, and largely innocuous places.

Wherever they go, each team is assigned a Military Unit Cover Designator (MUCD). The MUCD is a five-digit number by which the unit, its people, its location, and its work are referred to. The designation makes the teams more difficult to isolate and track.

MUCDs report all the way up to the Chinese equivalent to the Joint Chiefs of Staff, according to Mandiant. That implies this practice is part of China's overt military policy against foreign nations.

The needs are then broken down further into Profession Codes, such as 080902 for Circuits & Systems, and Required Proficiencies, such as 101 for political, 201 for English, etc.

With hundreds or thousands of these teams lined up, the Chinese start phishing for passwords, according to Mandiant. The teams have refined and perfected dialogue, slang, and responses that appear nearly seamless to the colleagues they're trying to impersonate. In the beginning it all looks just like this:

It's the old-fashioned espionage tic-tac-toe between 2 countries, except with the internet. I'm sure US/India/Russia and others hire thousands of software engineers/hackers to defend and infiltrate other countries' networks.

Online security firm traces breaches to building occupied by Chinese military

David Usborne

Tuesday, 19 February 2013

A barrage of malicious cyber-attacks against computer networks in the United States and other countries over several years has been sourced by a private US security firm to a single building on the fringes of Shanghai, which, it says, is occupied by the Chinese military.

A 60-page report released by Mandiant, a Virginia-based firm that specialises in cyber-espionage, concludes that hundreds or perhaps thousands of English-speaking Chinese computer experts toil daily inside the anonymous-looking 12-storey building in the Pudong district of Shanghai. ‘Unit 61398’, as it is known, hacks into foreign networks on behalf of the People’s Liberation Army (PLA), Mandiant alleges.

“The nature of Unit 61398’s work is considered by China to be a state secret; however, we believe it engages in harmful computer network operations,” the security firm said in the report, which drew instant rebukes from the Chinese government. “It is time to acknowledge the threat that is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively.”

The company asserted that the unit, one of several in China believed to be involved in invading overseas computer systems, had “stolen hundreds of terabytes of data from at least 141 organisations across a diverse set of industries beginning as early as 2006”. While most of the activity targeted corporations in the United States, a smaller number is located in Canada and Britain, it said.

Cyber-espionage is becoming an increasingly urgent worry in Washington. The concern is not just that China, as well as any number of other countries, is successfully stealing corporate information – for example merger plans, design blueprints, pricing documents or negotiating strategies – but that it is developing the capacity to sabotage physical infrastructure networks in the US like gas pipelines or power grids.

“In the cold war, we were focused every day on the nuclear command centres around Moscow,” one senior defence official was cited as saying by the New York Times, which first revealed the contents of the Mandiant report. “Today, it’s fair to say that we worry as much about the computer servers in Shanghai.”

President Barack Obama included a call to arms to confront the cyber-threat in his State of the Union address last week. “We know foreign countries and companies swipe our corporate secrets,” he said. “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing.”

Beijing continues to deny sanctioning such activity. “Hacking attacks are transnational and anonymous,” foreign ministry spokesman Hong Lei said. “Determining their origins are extremely difficult. We don’t know how the evidence in this so-called report can be tenable.” When BBC journalists approached the building they were briefly detained and forced to relinquish their footage.

Unit 61398 has been known both to private cyber-security firms and to US intelligence for a while and is sometimes referred to as the ‘Comment Crew’ because it has been known to infiltrate online forums and leave comments. The Mandiant report does not name any victims but says that the 141 companies already infiltrated span 20 major industries.

American companies known to have been targeted by Comment Crew, however, include Coca Cola at a time when it was considering a take-over of a Chinese juice company and RSA, a technology company that creates computer codes to protect confidential corporate and government databases. Alarm bells sounded last September when a unit of Telvent which supplies equipment enabling utility companies remotely to operate valves and switches on gas and oil networks had been invaded by unidentified cyber-intruders.

Responding to the report, White House spokeswoman Caitlin Hayden reiterated only that the United States “has substantial and growing concerns about the threats to U.S. economic and national security posed by cyber intrusions, including the theft of commercial information.”

The Mandiant report acknowledges that while it has traced assorted cyber-intrusions to servers precisely in the rather run-down district of Pudong where the building occupied by Unit 61398 stands, it cannot be certain they are actually within its walls. But to suppose they are not is barely plausible, the firm says.

The building is located in Gaoqiao town.
A document shows they call the building Gaoqiao front or Gaoqiao position.
Good catch, US cyber soldier.
Hopefully Chinese cyber soldiers also have the "Distinguished Warfare Medal".
Chinese hacker looks naive before US.
The Pentagon sparked an uproar among troops and veterans this week when it revealed that a new high-level medal honoring drone pilots will rank above some traditional combat valor medals in the military's "order of precedence."

AN AMERICAN information-security firm has identified a secretive Chinese military unit as the likely source of hacking attacks against more than a hundred companies around the world. In a report made public on Tuesday, the firm, Mandiant, based in Alexandria, Virginia, said it could now back up suspicions it first reported in more qualified form in 2010.

The firm had said then the Chinese government may have authorised the hacking activity it had traced to China, but that there was “no way to determine the extent” of official involvement. In its new report, Mandiant upgrades its assessment. “The details we have analysed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them,” the report said.

China’s government has denied the allegations. Hong Lei, a spokesman for China’s foreign ministry, said on February 19th that China has itself been a victim of cyber-attacks, and that it enforces laws that ban such activity. “Groundless criticism is irresponsible and unprofessional, and it will not help to solve the problem,” he said of the Mandiant report.

According to the report, a Shanghai-based unit of the People’s Liberation Army General Staff Department, known as Unit 61398, is staffed by hundreds and possibly thousands of people specially trained in network security, digital signal processing, covert communications and English linguistics. The unit’s 12-storey building (pictured above) has been equipped with special fibre-optic communications infrastructure “in the name of national defence”.